nanog mailing list archives
Re: Can somebody explain these ransomwear attacks?
From: Brandon Svec via NANOG <nanog () nanog org>
Date: Thu, 24 Jun 2021 15:40:29 -0700
I think a big problem may be that the ransom is actually very cost effective and probably the lowest line item cost in many of these situations where large revenue streams are interrupted and time=money (and maybe also health or life). The original thought that it should be handled like standard DR and tighten up security may apply to very small businesses though where they could afford to try to ignore the ransom request and rebuild more securely hoping the criminals will move on and not come back for revenge.
On Jun 24, 2021, at 3:08 PM, Shane Ronan <shane () ronan-online com> wrote:

A lot of the payments for Ransomware come from Insurance Companies under "Business Interruption Insurance". It in fact may be more cost effective to pay the ransom, than to pay for continued business interruption. Of course along with paying the ransom, a full forensic audit of the systems/network is conducted.

The vector for many of these attacks is via a worm triggered by someone opening an attachment on an email or downloading compromised software from the Internet. Short of not allowing email attachments or blocking Internet access, the best method is to properly train users to not click on attachments or visit "untrusted" sites, but nothing is perfect.

Shane

On Thu, Jun 24, 2021 at 6:01 PM Michael Thomas <mike () mtcc com> wrote:

On 6/24/21 2:55 PM, JoeSox wrote:

It gets tricky when 'your' company will lose money $$$ while you wait a month to restore from your cloud backups. So Executives roll the dice to see if service can be restored quickly as possible keeping shareholders and customers happy as possible.

But if you pay without finding how they got in, they could turn around and do it again, or sell it on the dark web, right?

Mike

On Thu, Jun 24, 2021 at 2:44 PM Michael Thomas <mike () mtcc com> wrote:

Not exactly network but maybe, but certainly operational. Shouldn't this just be handled like disaster recovery? I haven't looked into this much, but it sounds like the only way to stop it is to stop paying the crooks. There is also the obvious problem that if they got in, something (or someone) is compromised that needs to be cleaned which sounds sort of like DR again to me.

Mike